# Generated by iptables-save v1.4.7 on Thu Dec  6 17:38:59 2012
*nat
:PREROUTING ACCEPT [39:8025]
:POSTROUTING ACCEPT [15:1144]
:OUTPUT ACCEPT [15:1144]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE 
COMMIT
# Completed on Thu Dec  6 17:38:59 2012
# Generated by iptables-save v1.4.7 on Thu Dec  6 17:38:59 2012
*mangle
:PREROUTING ACCEPT [505:47378]
:INPUT ACCEPT [504:47314]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [414:45455]
:POSTROUTING ACCEPT [414:45455]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill 
COMMIT
# Completed on Thu Dec  6 17:38:59 2012
# Generated by iptables-save v1.4.7 on Thu Dec  6 17:38:59 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT 
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT 
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT 
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -p udp -m udp --dport 123 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 1798 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT 
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable 
COMMIT
# Completed on Thu Dec  6 17:38:59 2012